People of Ashkenazi Jewish and Chinese heritage were reportedly targeted in a data breach of information on the website of genetic testing and ancestry company 23andme Inc., said Connecticut Attorney General William Tong.
Tong announced Oct. 31 that he issued an inquiry letter to the company seeking more details on the breach of sensitive information for more than 5 million 23andme users.
“I understand that the 23andMe breach resulted in the targeted exfiltration and sale on the black market of at least one million data profiles pertaining to individuals with Ashkenazi Jewish heritage. According to reports, a second leak revealed the data of hundreds of thousands of individuals with Chinese ancestry, also for sale on the dark web. Finally, most recent reports point to a third leak of information from 23andMe’s “DNA Relatives” feature containing the genetic ancestry information of an estimated four million individuals.”
“I also understand from those reports that the threat actor claims to possess more than 300 terabytes of 23andMe data,” said Tong in the letter. “The increased frequency of antisemitic and anti-Asian rhetoric and violence in recent years means that this may be a particularly dangerous time for such targeted genetic information to be released to the public.”
Wired reported on Oct. 6 that a hacker began selling data points of what it claimed were 23andme profiles for between $1 and $10 per account. “Hackers posted an initial data sample on the platform BreachForums earlier this week, claiming that it contained 1 million data points exclusively about Ashkenazi Jews. There also seem to be hundreds of thousands of users of Chinese descent impacted by the leak,” Wired said in the article.
On its blog addressing data security concerns, 23andme last posted on Oct. 20, saying that the company had temporarily disabled some features within its DNA relative tool as a precaution. It did not specify what those disabled features are. However, its website shows that DNA relatives could view extensive personal information, including matching DNA segments.
The company previously announced that it’s working with federal law enforcement officials on the investigation.